* Why does it work?
@ 2018-05-01 6:52 ` reiner otto
From: reiner otto @ 2018-05-01 6:52 UTC (permalink / raw)
To: wireguard
Having found myself a solution to the problem described in https://lists.zx2c4.com/pipermail/wireguard/2018-April/002736.html
(I only want to tunnel all traffic destined to 1.2.3.4, the ubuntu-server, via wg from the client, an openwrt-router,
where 1.2.3.4 also is the endpoint of the tunnel; all other traffic goes via eth0 of the client to the web),
I am not really happy with my solution, as I found it simply by trial and error. And the solution looks odd to me, because in essence
it is the following sequence of statements in my rc.local, when starting wg on the client:
...
/etc/wireguard/wireguard_up.sh
/etc/wireguard/wireguard_down.sh
/etc/wireguard/wireguard_up.sh
Or, in other words, a simple
/etc/wireguard/wireguard_up.sh
does not work. (After starting wg on the client, wg does not show any received data.)
One difference I found between working and non-working in /proc/net/nf_conntrack:
working:
ipv4 2 udp 17 158 src=192.168.178.49 dst=1.2.3.4 sport=5555 dport=5555 packets=2615 bytes=384236 src=1.2.3.4 dst=192.168.178.49 sport=5555 dport=5555 packets=2414 bytes=447664 [ASSURED] mark=0 use=2
not working:
ipv4 2 udp 17 55 src=192.168.178.49 dst=1.2.3.4 sport=5555 dport=5555 packets=31 bytes=5456 [UNREPLIED] src=172.16.0.1 dst=172.16.18.31 sport=5555 dport=5555 packets=0 bytes=0 mark=0 use=15
192.168.178.49: IP of eth0 of my router/client (received via dhcp)
172.16.0.1: wg-ip of 1.2.3.4
172.16.18.31: wg-ip of client
Not using wg-quick anywhere, the configurations of wg:
server, wg0.conf:
[Interface]
ListenPort = 5555
PrivateKey = ....
[Peer]
PublicKey = ....
#No difference whether using one of next two
#AllowedIPs = 172.16.0.0/16
AllowedIPs = 0.0.0.0/0
server, wg_up.sh:
ip link add wg0 type wireguard
wg setconf wg0 /etc/wireguard/wg0.conf
ip address add 172.16.0.1/16 dev wg0
ip link set mtu 1420 dev wg0
ip link set wg0 up
server, wg_down.sh:
ip link delete dev wg0
---------
client, wg0.conf:
[Interface]
PrivateKey = ...
ListenPort = 5555
[Peer]
PublicKey = ...
AllowedIPs = 172.16.0.0/16
Endpoint = 1.2.3.4:5555
PersistentKeepalive = 25
client, wg_up.sh:
ip link add wg0 type wireguard
wg setconf wg0 /etc/wireguard/wg0.conf
ip address add 172.16.18.31/16 dev wg0
ip link set mtu 1420 dev wg0
ip link set wg0 up
iptables -t nat -I POSTROUTING -o wg0 -j MASQUERADE
iptables -t nat -A OUTPUT -d 1.2.3.4 -j DNAT --to-destination 172.16.0.1
client, wg_down.sh:
ip link delete dev wg0
iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
iptables -t nat -D OUTPUT -d 1.2.3.4 -j DNAT --to-destination 172.16.0.1
It looks like some important info is secretly kept during
/etc/wireguard/wireguard_up.sh
/etc/wireguard/wireguard_down.sh
so that the next
/etc/wireguard/wireguard_up.sh
succeeds.
Having got some feedback from different sources that
it is not possible to do what I want, some insight into my "magic"
would be appreciated :-)
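The two /proc/net/nf_conntrack lines quoted in the post carry the answer to the diagnosis, so here is an added example (not part of the post, nor WireGuard code) that reads such entries and flags what differs. A conntrack entry prints the ORIGINAL tuple followed by the REPLY tuple; with no NAT involved the reply tuple is just the original tuple mirrored, as in the "working" line. In the "not working" line the reply tuple for the router's own WireGuard transport flow (UDP 192.168.178.49:5555 -> 1.2.3.4:5555) reads src=172.16.0.1 dst=172.16.18.31, i.e. the `-t nat OUTPUT` DNAT rule matched the encapsulated packets themselves (they are locally generated and destined to 1.2.3.4) and the wg0 MASQUERADE then rewrote their source, so the tunnel's UDP is being steered into the tunnel it is supposed to carry, which is why that entry stays [UNREPLIED]. Conntrack fixes the NAT mapping of a flow when it sees the flow's first packet and keeps it for the life of the entry, so whether the transport flow works depends on which entry for it already existed when the nat rule was evaluated. The sample input is the two entries from the post, constructed inline; the endpoint and port passed to `diagnose()` are the ones from the posted config.

```python
"""Parse /proc/net/nf_conntrack entries and flag NAT-ed or unreplied flows.

Added example for the WireGuard DNAT question above; not code from the post.
"""
import re
from dataclasses import dataclass

# Constructed input: the two conntrack entries quoted in the post, verbatim.
WORKING = ("ipv4 2 udp 17 158 src=192.168.178.49 dst=1.2.3.4 sport=5555 dport=5555 "
           "packets=2615 bytes=384236 src=1.2.3.4 dst=192.168.178.49 sport=5555 "
           "dport=5555 packets=2414 bytes=447664 [ASSURED] mark=0 use=2")
NOT_WORKING = ("ipv4 2 udp 17 55 src=192.168.178.49 dst=1.2.3.4 sport=5555 dport=5555 "
               "packets=31 bytes=5456 [UNREPLIED] src=172.16.0.1 dst=172.16.18.31 "
               "sport=5555 dport=5555 packets=0 bytes=0 mark=0 use=15")

_KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
_FLAG = re.compile(r"\[([A-Z_]+)\]")


@dataclass(frozen=True)
class Tuple4:
    src: str
    dst: str
    sport: int
    dport: int

    def mirrored(self) -> "Tuple4":
        """The reply tuple conntrack records when no NAT is applied."""
        return Tuple4(self.dst, self.src, self.dport, self.sport)


@dataclass(frozen=True)
class Flow:
    proto: str
    timeout: int
    orig: Tuple4      # ORIGINAL direction: the packet that created the entry
    reply: Tuple4     # REPLY direction, after any NAT mapping bound to the entry
    flags: frozenset

    def natted(self) -> bool:
        """True when some NAT rule rewrote this flow (reply is not a plain mirror)."""
        return self.reply != self.orig.mirrored()

    def unreplied(self) -> bool:
        return "UNREPLIED" in self.flags


def parse_line(line: str) -> Flow:
    """Layout: l3proto l3num l4proto l4num timeout [tcp-state] key=value ... [FLAGS]."""
    fields = line.split()
    proto, timeout = fields[2], int(fields[4])
    tuples, cur = [], {}
    for key, val in _KV.findall(line):
        cur[key] = int(val) if key.endswith("port") else val
        if len(cur) == 4:               # src, dst, sport, dport complete one tuple
            tuples.append(Tuple4(**cur))
            cur = {}
    if len(tuples) != 2:
        raise ValueError("expected ORIGINAL and REPLY tuples: " + line)
    return Flow(proto, timeout, tuples[0], tuples[1], frozenset(_FLAG.findall(line)))


def diagnose(line: str, endpoint: str, port: int) -> list:
    """Findings for one entry, given the peer's public Endpoint address and port.

    Returns short codes: UNREPLIED, NAT, and TRANSPORT_REDIRECTED:<addr> when the
    WireGuard UDP transport flow itself has been rewritten to some other address.
    """
    flow = parse_line(line)
    findings = []
    if flow.unreplied():
        findings.append("UNREPLIED")
    if flow.natted():
        findings.append("NAT")
        o = flow.orig
        # The encapsulated UDP must leave via the underlay (eth0). If its reply
        # tuple no longer names the endpoint, a nat rule diverted the tunnel's
        # own packets, typically into the tunnel, which can never answer them.
        if (flow.proto == "udp" and o.dst == endpoint and o.dport == port
                and flow.reply.src != endpoint):
            findings.append("TRANSPORT_REDIRECTED:" + flow.reply.src)
    return findings


if __name__ == "__main__":
    for name, entry in (("working", WORKING), ("not working", NOT_WORKING)):
        print(name, diagnose(entry, "1.2.3.4", 5555))
```

To use it on a live box, feed it the lines of /proc/net/nf_conntrack (or `conntrack -L` output in the same format) and look for TRANSPORT_REDIRECTED on the flow to the peer's Endpoint; a clean setup shows that flow without NAT and with [ASSURED].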